loofah 0.3.1 Released

loofah version 0.3.1 has been released!

* <http://loofah.rubyforge.org>
* <http://rubyforge.org/projects/loofah>
* <http://github.com/flavorjones/loofah>

Loofah is an HTML sanitizer. It will always fix broken markup, but can also sanitize unsafe tags in a few different ways, and transform the markup for storage or display.

It's built on top of Nokogiri and libxml2, so it's fast. And it uses html5lib's whitelist, so it most likely won't make your code less secure. *

* These statements have not been evaluated by Netexperts.

== CHANGES in 0.3.1

Bug fixes:

* Scrubbed Documents properly render html, head and body tags when serialized.

== FEATURES

* _Strip_ unsafe tags, leaving behind only the inner text.
* _Prune_ unsafe tags and their subtrees, removing all traces that they ever existed.
* _Escape_ unsafe tags and their subtrees, leaving behind lots of <tt>&lt;</tt> and <tt>&gt;</tt> entities.
* _Whitewash_ the markup, removing all attributes and namespaced nodes.
* Format the markup as plain text.
* Replacements for Rails's +strip_tags+ and +sanitize+ helper methods.
* TWO! Count them, TWO! ActiveRecord extensions:
  * Loofah::XssFoliate (an XssTerminate[http://github.com/look/xss_terminate/tree/master] drop-in replacement) is an *opt-out* sanitizer; by default all models and attributes are sanitized.
  * Loofah::ActiveRecordExtension is an *opt-in* sanitizer; you must explicitly declare attributes to be sanitized.
* 99 44/100 % pure
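To make the difference between the four scrubbing strategies concrete, here is an added model of them in pure Ruby on REXML; it is not Loofah's code (Loofah parses with Nokogiri/libxml2 and uses html5lib's whitelist). The tiny whitelist, the requirement that input be well-formed XHTML (REXML does not repair tag soup), and treating whitewash as also pruning non-whitelisted tags are this example's own assumptions.

```ruby
require 'rexml/document'

# Constructed whitelist standing in for html5lib's (an assumption; the real list is far longer).
SAFE_TAGS  = %w[p b i a ul li].freeze
SAFE_ATTRS = %w[href title].freeze

def unsafe?(el)
  !SAFE_TAGS.include?(el.name)
end

# Remove every attribute not in +keep+ (event handlers such as onclick never survive).
def scrub_attributes!(el, keep)
  attrs = []
  el.attributes.each_attribute { |a| attrs << a }
  attrs.each { |a| a.remove unless keep.include?(a.expanded_name) }
end

# Walk the tree post-order and apply one of the four strategies to each unsafe node.
def scrub!(node, mode)
  node.elements.to_a.each do |child|
    scrub!(child, mode)                        # settle nested unsafe nodes first
    if mode == :whitewash && child.namespace != ''
      child.remove                             # namespaced node (inline SVG, MathML): gone
      next
    end
    scrub_attributes!(child, mode == :whitewash ? [] : SAFE_ATTRS)
    next unless unsafe?(child)
    case mode
    when :strip             # keep the inner content, lose the tag: script text survives as inert text
      child.children.dup.each { |c| node.insert_before(child, c) }
      child.remove
    when :prune, :whitewash # lose the tag and its whole subtree (whitewash modelled as pruning here)
      child.remove
    when :escape            # keep the subtree, but as escaped text: lots of &lt; and &gt;
      node.replace_child(child, REXML::Text.new(child.to_s))
    end
  end
  node
end

def scrub_fragment(xhtml, mode)
  doc = REXML::Document.new("<root>#{xhtml}</root>")   # wrapper so a fragment parses
  scrub!(doc.root, mode)
  doc.root.children.map(&:to_s).join
end

# Constructed sample: a handler attribute, a script, and a namespaced subtree.
SAMPLE = '<p onclick="x()">hi <b>there</b></p><a href="/">link</a>' \
         '<script>alert(1)</script><svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'
puts %i[strip prune escape whitewash].map { |m| "#{m}: #{scrub_fragment(SAMPLE, m)}" }
```

Note that :strip leaves the text "alert(1)" behind as harmless text while :prune drops it with the tag, and that :whitewash keeps the anchor but not its href.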

== COMPARE AND CONTRAST

Loofah is the only ruby XSS/sanitization library that guarantees well-formed and valid markup.

Also, it's pretty fast. Here is a benchmark comparing Loofah to other commonly-used libraries:

* Comparison of Loofah against other Ruby HTML sanitization libraries · GitHub

what a great name!

good stuff!